使用 PHP 从 public_html 外部读取图像?
这真的很愚蠢,但我尝试了几十种不同的方法,但我终其一生都无法弄清楚我做错了什么.
this is really stupid, but I been trying dozens of different things and I can't for the life of me work out what I am doing wrong.
我有一个 cpanel 安装,具有通常的 public_html 目录并可以访问下面的目录(将该目录称为USER").我正在用图片测试一些东西.
I have a cpanel installation, with the usual public_html directory and access to the directory below that (call that directory "USER"). I am testing out some things with images.
我已经在 public_html 上面放了一个图像文件到 USER 目录中.
I have put an image file above the public_html, into the USER directory.
我编写了一个只有几行的测试 php 脚本:
I have written a test php script which has just a few lines:
if(is_file("../1.jpg")){
echo "<img src="../1.jpg" />";
}else{
echo "not there";
}
is_file 总能找到文件.也试过file_exists和is_readable,这些也都找到了.
The is_file can always find the file. Also tried file_exists and is_readable, these all find the file too.
但即使脚本看到该文件,我也无法弄清楚如何将该文件输出到浏览器.或者即使可以这样做.
But even though the script sees the file, I can't work out how to output that file to the browser. Or even if it is possible to do it this way.
我已将文件的权限更改为所有可读.
I've changed the permissions on the file to all readable.
我试过从根目录设置绝对路径.
I've tried putting an absolute path from the root.
我尝试使用 imagejpeg.
I tried using imagejpeg.
这些都不起作用.
你可能想知道为什么我不只是把图像放在 public_html 中,但这个脚本是我正在做的一个测试,因为我需要弄清楚在提供来自其他域/帐户的图像时有什么可能同一台服务器(它是一个专用服务器).
You may wonder why I don't just put the image within public_html, but this script is a test I'm doing coz I need to figure out what is possible when it comes to serving images from other domains / accounts on the same server (it is a dedicated server).
我可以理解这可能是权限问题或其他原因 - 在这种情况下,我不明白为什么脚本可以找到该文件 - 无论如何,我可能忽略了一些非常愚蠢或基本的东西.因此,如果有人能指出我正确的方向,我将不胜感激.
I can understand that maybe it's a permissions thing or something - in which case I don't understand why the script can find the file - well anyway I am probably overlooking something very stupid or basic. So if anyone could point me in the right direction I would appreciate it.
非常感谢
推荐答案
那是不可能的.当您输出 img 标签时,它只是服务器上的一些文本.它被发送到浏览器,浏览器会尝试获取 src="..."
部分中列出的文件.这是通过 HTTP 请求完成的,因此如果图像位于文档根目录之外,则根据定义,您无法直接获取文件.
That cannot be done. When you output an img tag, that's simply some text on the server. It's sent to the browser and the browser is what attempts to fetch the file listed in the src="..."
portion. That's done via an HTTP request, so if the image is outside of the document root, you cannot by definition fetch the file directly.
如果您可以简单地执行 src="../../../../picture.jpg"
并在文档根目录之外获取图像,您可以在服务器,包括你的配置文件,你的密码文件,等等等等.这将是一个足够大的安全漏洞,足以被认定为疯了.
If you could simply do src="../../../../picture.jpg"
and get an image outside of the document root, you could fetch ANY file on the server, including your config files, your password files, blah blah blah. It'd be a security hole big enough to qualify as insane.
如果您想提供对文档根目录之外的文件的访问权限,则必须通过脚本来实现.最简单的方法是:
if you want to provide access to a file outside of the document root, you'll have to do it via a script. The simplest method is to have:
image.php:
<?php
header('Content-type: image/jpeg');
readfile('/path/to/picture/outside/doc/root/file.jpg');
并在您的 html 中:
and in your html:
<img src="image.php">
还有其他更糟糕的选择,例如使用 Apache 别名指令将外部目录映射到内部"目录、重写 url 等……但这只会让事情变得更加复杂.
There's other nastier options, such as using Apache alias directives to map external directories into "internal" ones, rewriting urls, etc... but that just makes things even more complicated.
相关文章